Mon, Jun
3 New Articles

Identity Management Solutions Evolve Toward Broader Acceptance

Compliance / Privacy
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

As solutions become easier to implement and maintain, the presence of compliance regulations coupled with rising external threats will likely drive their widespread adoption.


In earlier columns in MC Systems Insight and MC Tips 'N Techniques, I've written at length about the importance of having good, strong passwords, but we haven't talked about the importance of having secure answers to security questions. For those of you still in the dark about how Sarah Palin's Yahoo email account was hacked by a Tennessee teenager with the handle "rubico," it was via the password reset function.


According to his own admission, rubico researched Palin's birthday in Wikipedia.org, her ZIP code was available from the U.S. Postal Service because she lived in a small town that has only two, and her security question he guessed. The system asked him, "Where did you meet your spouse?" After a little online research, it didn't take rubico long to figure out the answer. The phrase "Wasilla High" got him into the Alaska governor's email account.


The breach is simply a highly publicized example of the types of intrusions and misrepresentations that are occurring every day. I recently got a call from the Bank of America, who asked me if I had been trying to use my credit card to purchase a $900 money order from Western Union. Unfortunately, the answer was no. The bank immediately canceled my card and ordered me a new one. The transaction request had been denied because the perpetrator didn't have the security code from the back of my card.


Recently, we here at MC Press Online received a status report on the number of spam emails coming into the company, many of which we have found carry viruses. On an annual basis, the number runs into the millions. Fortunately, our automatic spam filters catch most of them.  As we all know, the problem of identity theft and fraud online is becoming more commonplace as electronic systems expand our vulnerabilities. The rapid pace at which this is occurring, however, makes the business of security and access management a growing industry. IT managers are being asked to evaluate and implement an ever-growing number of new solutions that focus on data security, authentication, access management, compliance, and identity assurance.


From the perspective of the systems administrator, the prospect of deploying and maintaining increasingly complex authentication solutions is somewhat daunting for no other reason than it means more work. An IBM executive told me recently that when systems create so much overhead for the oversight teams that they become a burden on the people charged with running them, people rebel. They will actually figure out ways to get around using the systems. So while some of these compliance systems are designed to ease inconveniences to users, the question remains as to whether they're easy enough for time-constrained administrators to deploy and maintain.


Security professionals gathered earlier this month at the Gartner Identity and Access Management Summit, which included two days of networking and presentation of technical papers delivered on the latest developments in compliance management and trusted identity. IBM used the forum to announce several new partnerships with independent software vendors that will help fortify its already-leading Tivoli identity solutions through better integration with other companies' products. Arcot is a SaaS software provider with a product called A-OK On-Demand that now integrates with IBM Tivoli Access Manager for e-business. The Arcot solution protects and verifies identities using a combination of risk-based and strong authentication so that only authorized users gain access to confidential, proprietary, or regulated data. Integration between the Arcot and IBM solutions allows companies to implement strong authentication significantly more easily than before and without changing a user's sign-on behavior. The result is further protection against phishing and man-in-the-middle attacks, according to the companies. This feat is accomplished without installing new hardware or software.


Another IBM partner, Gemalto, has worked with IBM and its trusted identity initiative to integrate strong authentication capabilities best practices and use cases for protecting and securing personal identities and assets. The company's Protiva Strong Authentication Solution features a broad range of personal security devices. They use smart-card technology for a one-time password (OTP) and public-key infrastructure (PKI) for certificate authentication. The devices are available in card and USB token form factors. The strong-authentication solution with identity and access management helps protect identities and enterprise information systems against phishing attacks, key logging, shoulder surfing, and stolen passwords, the company says.


Multi-biometric technologies from L-1 Identity Solutions include any combination of finger, face, palm, and iris recognition. These too are now integrated into IBM systems to help protect customer identities and assets. L-1's credentialing solutions help integrate personalization and enhanced security features into a variety of credentials, the company reports. Access control readers use state-of-the-art finger and face recognition technologies, including what's known as 3-D face, to control people's access to buildings and facilities. The company even has a set of mobile devices that capture a person's unique biometric features and use them to verify her identity.


Joe Anthony, program director for IBM Tivoli Security Compliance Management, told me that he believes every single Fortune 500 company today is using some form of enterprise identity management. The question is not whether these companies are using it--just how widely it is distributed within the company's infrastructure.


"I would be surprised if there is anyone in the Fortune 500 who is not using this [identity management solution]," Anthony said. "It's a matter of how broadly they are distributed.... With identity management, you may see some low-end systems that are not dispersed very broadly in the organization, but then there are others who have done a very thorough job and have a complete solution addressing all their applications and end-users. So for most of the Fortune 500, it's a matter of how broadly distributed they are, not whether or not they have it."


Anthony says IBM is investing heavily in its more than two dozen identity-security products and is also working to develop new offerings, including a new security policy manager that will allow customers to define the policies they want associated with their individual application authorizations. The field is growing, and it's being encouraged along by the group of government-mandated compliance-policy regulations. "Government regulations demand that enterprises take full responsibility for data security, and the linkage between data security and strong authentication should not be underestimated," said Al Zollar, general manager, IBM Tivoli Software. "Human identity and authentication systems are only valuable when they can be trusted. IBM's focus on identity assurance integrates access management, data security, and compliance capabilities into the critical processes that improve trust and confidence in business transactions."


Emerging areas of interest in the field extend beyond network and enterprise identity management to trading partner access management and trusted identity. The latter is best understood by thinking of taking something like a passport and transferring its authentication properties to the electronic domain. The fact that billions of people, each with a separate identity, all require and use various forms of identification and authentication on a daily basis--from employee badges to driver's licenses--suggests the business of ensuring that each of these can be trusted represents a major undertaking. IBM is working through its centers in Dallas; San Jose; Bangalore, India; and LaGaude, France--called IBM Trusted Identity Centers of Excellence--to extend IBM's identity management capabilities so as to improve trust and confidence in the broad spectrum of human identity-management devices.


To ensure acceptance of today's identity-management solutions, vendors must focus on two objectives, according to Anthony. "One, you want to ensure the cost of the technology, including the total operational costs and everything, has to be an order of magnitude less than the exposure the company faces as a result of fraud or failure of an audit," Anthony says. "In addition, it has to be very easy for either an application developer or the administrator running the system to implement it and maintain it.... Any barriers that you put in place in the overall deployment or day-to-day operations of the system by creating overhead for those who have to use it is just not a very good business decision on the part of vendors," said Anthony.


Integration with a company's current systems also apparently is a key to acceptance. "It's a matter of integrating with the customer's existing systems," Anthony says. "We can't expect the customer systems to be modified to work with our applications, so this requires ongoing investment on our part. The challenge is how to make it as easy as possible to drop into their existing environment."


While Anthony and others confirm there is not likely to be a revolution any time soon in identity management, there is, nevertheless, an evolution underway. It is toward broader implementation and easier deployment. Experts gauge that the movement will be ongoing for the next several decades, driven by compliance regulations and the need to thwart the increasing number of attempts to steal assets and counterfeit people's identities.

Chris Smith

Chris Smith was the Senior News Editor at MC Press Online from 2007 to 2012 and was responsible for the news content on the company's Web site. Chris has been writing about the IBM midrange industry since 1992 when he signed on with Duke Communications as West Coast Editor of News 3X/400. With a bachelor's from the University of California at Berkeley, where he majored in English and minored in Journalism, and a master's in Journalism from the University of Colorado, Boulder, Chris later studied computer programming and AS/400 operations at Long Beach City College. An award-winning writer with two Maggie Awards, four business books, and a collection of poetry to his credit, Chris began his newspaper career as a reporter in northern California, later worked as night city editor for the Rocky Mountain News in Denver, and went on to edit a national cable television trade magazine. He was Communications Manager for McDonnell Douglas Corp. in Long Beach, Calif., before it merged with Boeing, and oversaw implementation of the company's first IBM desktop publishing system there. An editor for MC Press Online since 2007, Chris has authored some 300 articles on a broad range of topics surrounding the IBM midrange platform that have appeared in the company's eight industry-leading newsletters. He can be reached at This email address is being protected from spambots. You need JavaScript enabled to view it..



Support MC Press Online

$0.00 Raised:

Book Reviews

Resource Center

  • SB Profound WC 5536 Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application. You can find Part 1 here. In Part 2 of our free Node.js Webinar Series, Brian May teaches you the different tooling options available for writing code, debugging, and using Git for version control. Brian will briefly discuss the different tools available, and demonstrate his preferred setup for Node development on IBM i or any platform. Attend this webinar to learn:

  • SB Profound WP 5539More than ever, there is a demand for IT to deliver innovation. Your IBM i has been an essential part of your business operations for years. However, your organization may struggle to maintain the current system and implement new projects. The thousands of customers we've worked with and surveyed state that expectations regarding the digital footprint and vision of the company are not aligned with the current IT environment.

  • SB HelpSystems ROBOT Generic IBM announced the E1080 servers using the latest Power10 processor in September 2021. The most powerful processor from IBM to date, Power10 is designed to handle the demands of doing business in today’s high-tech atmosphere, including running cloud applications, supporting big data, and managing AI workloads. But what does Power10 mean for your data center? In this recorded webinar, IBMers Dan Sundt and Dylan Boday join IBM Power Champion Tom Huntington for a discussion on why Power10 technology is the right strategic investment if you run IBM i, AIX, or Linux. In this action-packed hour, Tom will share trends from the IBM i and AIX user communities while Dan and Dylan dive into the tech specs for key hardware, including:

  • Magic MarkTRY the one package that solves all your document design and printing challenges on all your platforms. Produce bar code labels, electronic forms, ad hoc reports, and RFID tags – without programming! MarkMagic is the only document design and print solution that combines report writing, WYSIWYG label and forms design, and conditional printing in one integrated product. Make sure your data survives when catastrophe hits. Request your trial now!  Request Now.

  • SB HelpSystems ROBOT GenericForms of ransomware has been around for over 30 years, and with more and more organizations suffering attacks each year, it continues to endure. What has made ransomware such a durable threat and what is the best way to combat it? In order to prevent ransomware, organizations must first understand how it works.

  • SB HelpSystems ROBOT GenericIT security is a top priority for businesses around the world, but most IBM i pros don’t know where to begin—and most cybersecurity experts don’t know IBM i. In this session, Robin Tatam explores the business impact of lax IBM i security, the top vulnerabilities putting IBM i at risk, and the steps you can take to protect your organization. If you’re looking to avoid unexpected downtime or corrupted data, you don’t want to miss this session.

  • SB HelpSystems ROBOT GenericCan you trust all of your users all of the time? A typical end user receives 16 malicious emails each month, but only 17 percent of these phishing campaigns are reported to IT. Once an attack is underway, most organizations won’t discover the breach until six months later. A staggering amount of damage can occur in that time. Despite these risks, 93 percent of organizations are leaving their IBM i systems vulnerable to cybercrime. In this on-demand webinar, IBM i security experts Robin Tatam and Sandi Moore will reveal:

  • FORTRA Disaster protection is vital to every business. Yet, it often consists of patched together procedures that are prone to error. From automatic backups to data encryption to media management, Robot automates the routine (yet often complex) tasks of iSeries backup and recovery, saving you time and money and making the process safer and more reliable. Automate your backups with the Robot Backup and Recovery Solution. Key features include:

  • FORTRAManaging messages on your IBM i can be more than a full-time job if you have to do it manually. Messages need a response and resources must be monitored—often over multiple systems and across platforms. How can you be sure you won’t miss important system events? Automate your message center with the Robot Message Management Solution. Key features include:

  • FORTRAThe thought of printing, distributing, and storing iSeries reports manually may reduce you to tears. Paper and labor costs associated with report generation can spiral out of control. Mountains of paper threaten to swamp your files. Robot automates report bursting, distribution, bundling, and archiving, and offers secure, selective online report viewing. Manage your reports with the Robot Report Management Solution. Key features include:

  • FORTRAFor over 30 years, Robot has been a leader in systems management for IBM i. With batch job creation and scheduling at its core, the Robot Job Scheduling Solution reduces the opportunity for human error and helps you maintain service levels, automating even the biggest, most complex runbooks. Manage your job schedule with the Robot Job Scheduling Solution. Key features include:

  • LANSA Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.

  • LANSAWhen it comes to creating your business applications, there are hundreds of coding platforms and programming languages to choose from. These options range from very complex traditional programming languages to Low-Code platforms where sometimes no traditional coding experience is needed. Download our whitepaper, The Power of Writing Code in a Low-Code Solution, and:

  • LANSASupply Chain is becoming increasingly complex and unpredictable. From raw materials for manufacturing to food supply chains, the journey from source to production to delivery to consumers is marred with inefficiencies, manual processes, shortages, recalls, counterfeits, and scandals. In this webinar, we discuss how:

  • The MC Resource Centers bring you the widest selection of white papers, trial software, and on-demand webcasts for you to choose from. >> Review the list of White Papers, Trial Software or On-Demand Webcast at the MC Press Resource Center. >> Add the items to yru Cart and complet he checkout process and submit

  • Profound Logic Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application.

  • SB Profound WC 5536Join us for this hour-long webcast that will explore:

  • Fortra IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn: